computer/linux/iptables
http://siti.dip.jp/wiki/index.php?computer/linux/iptables
[[FrontPage]]

TCP and UDP are used as communication protocols, and each protocol has its own set of ports. Note that TCP port 80 and UDP port 80 are not the same port. The following are typical services with their protocols and port numbers.

|service|protocol|port|h
|HTTP server (HTTP)|TCP|80|
|HTTP server (SSL)|TCP|443|
|mail server (POP3)|TCP|110|
|mail server (IMAP)|TCP|143|
|mail server (SMTP)|TCP|25|
|mail server (submission port)|TCP|587|
|FTP|TCP|20, 21|
|SSH, SFTP|TCP|22|

The iptables rules are managed using iptables-persistent.

 # aptitude install iptables-persistent

The files rules.v6 and rules.v4 are created in /etc/iptables/.

All IPv6 ports should be closed if they are not used.

''/etc/iptables/rules.v6''
#highlighter(){{
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
}}

For IPv4, all ports should be closed by default, except for the ports that are needed.

''/etc/iptables/rules.v4''
#highlighter(){{
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Allow loopback traffic, and reject 127.0.0.0/8 arriving on any other interface
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
# Allow packets that belong to connections already established
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# For example, HTTP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Specify the port configured for SSH
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Allow ICMP echo requests (ping)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log what is left (rate-limited), then reject it
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_log: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
}}

In Debian 8.0 (Jessie), the following command is used to apply the new settings, rather than the init.d script.
 # netfilter-persistent reload
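
Before reloading, a rules file can be checked statically for the properties this page relies on: default-deny policies, a COMMIT line, and only the intended ports opened. The following is an added example, not part of the original page; the function names are hypothetical and the sample input is constructed from the rules.v4 shown above.

```shell
#!/bin/sh
# Added example: static audit of an iptables-restore file before reloading.

# Constructed sample input, modelled on the rules.v4 on this page.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# HTTP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Print "CHAIN POLICY" for each chain declared with a ":" line.
chain_policies() {
    awk '/^:/ { print substr($1, 2), $2 }'
}

# Print "proto/port" for every INPUT rule that ACCEPTs a destination port.
open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print proto "/" port
    }'
}

# Succeed only if INPUT and FORWARD default to DROP and the table has a
# COMMIT line (a table takes effect only at its COMMIT).
check_default_deny() {
    awk '/^:INPUT DROP/ { i = 1 } /^:FORWARD DROP/ { f = 1 }
         $1 == "COMMIT" { c = 1 }
         END { exit !(i && f && c) }'
}

sample_rules | chain_policies
sample_rules | open_ports
sample_rules | check_default_deny && echo "default-deny: ok"
```

On the server, feed the real file to the same functions, for example `open_ports < /etc/iptables/rules.v4`. `iptables-restore --test < /etc/iptables/rules.v4` additionally parses the file without committing it.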